Privacy Policy

1. General Information

1.1 Personal Data (Art. 4 No. 1 GDPR)

The subject of data protection is personal data (hereafter also data). Personal data include all information relating to an identified or identifiable natural person. These data include, for example, the name, address, occupation, e-mail address, health status, income, marital status, genetic features, telephone number and if applicable also user data such as an IP address.

1.2 Controller (Art. 4 No. 7 GDPR)

The Controller is the entity responsible for processing your personal data in the context of your use of this website, www.sebamed.de (hereafter the website), here Sebapharma GmbH & Co. KG (hereafter the Operator or Controller). The contact information is:

1.3 Data Protection Officer

The Controller has appointed an external data protection officer, which can be contacted by e-mail under datenschutz@m-consecom.de.

1.4 Right to Object

If you wish to object to the processing of your data by the Operator in accordance with the provisions of this data privacy policy in general or for individual measures, you may do so using the contact information provided in the imprint. Please note that in the event of such an objection, the use of this website and the request for services offered by it may in some circumstances be limited or even impossible.

2. Scope and Purpose of the Data Processing, Legal Basis, Provision of Data and Duration of Storage

2.1 Access and Use of the Website

Each time the website is accessed, user data is transferred by the accessing internet browser and stored in log files (server log files). This access data records the following information:

Date and time of the request

Name of the accessed website

IP address

Referrer URL (URL of origin, from which you arrived at the website)

Volume of data transferred

Product and version information for the accessing browser

The admissibility of such processing is governed by Art. 6 Para. 1 b) GDPR, which states that processing is lawful if it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. The data processed by the Operator is required to enable you to access and use the website. This data must necessarily be processed during the use of a telemedium. Otherwise you will not be able to access the website.

The log files are analysed by the Operator in anonymised form to continue to improve the website and make it more user-friendly, to detect and rectify errors more quickly and to control server capacities. For example, the Operator can determine the preferred times of access to the website and thus make available appropriate data volumes.

The legal admissibility of this data processing may also be based on Art. 6 Para. 1 f) GDPR, according to which processing is lawful when it is necessary to safeguard the legitimate interests of the Controller or a third party, so long as these interests are not overridden by the fundamental rights or freedoms of the data subject, which require the protection of personal data. The legitimate interests of the Controller involve the provision of a website to convey inform and offer services via the internet. Provision of your data is necessary to invoke the Operator's website. Failure to provide the data means that the website can no longer be invoked and the Operator's services can not be utilised.

Your IP address will be deleted or anonymised after your use is concluded. Anonymisation means the IP address is altered so that it can not or can only with a disproportionate investment of time, cost and labour be attributed to a particular or identified or identifiable natural person.

2.2 Contact Form

This website contains a contact form if you wish to contact the Operator. This form requires that you provide the following information:

In addition, you may voluntarily choose to provide the following information:

Age Group, Skin Type, Skin Sensitivity, Hair Type

The Operator processes your data to communicate with you and to respond to your request.

The legal admissibility of this data processing is based on Art. 6 Para. 1 b) GDPR, according to which processing is lawful when it is necessary for fulfilling a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract. Failure to provide the data means that you can not send a message to the Operator.

The personal data processed within the scope of communication will be deleted after the statutory retention obligations have expired, unless the Controller has a legitimate interest in further retention. In any case, only those data will continue to be stored which are actually absolutely necessary to achieve the corresponding purpose. As far as possible, the personal data will be made anonymous

2.3 Newsletter

You may subscribe to an e-mail newsletter to receive additional information about the Operator.

We use what is known as the double opt-in procedure to distribute the newsletter. This means that you receive a newsletter by e-mail only if you provide your explicit confirmation in advance that you wish to activate the newsletter service. Once you activate the newsletter, you receive an e-mail notification with an activation link. Only by clicking this link will you then receive the newsletter. You may deactivate the newsletter at any time. Contact the Operator to do so or use the link provided in each newsletter to unsubscribe.

The legal admissibility of this data processing is based on Art. 6 Para. 1 a) GDPR, according to which processing is lawful when the data subject has provided consent to the processing of their personal data for one or more purposes. Provision of your data is voluntary and not prescribed by law. Failure to provide the data means that you will not receive a newsletter.

Your data will be deleted after you withdraw your consent, unless the Controller has a legitimate interest in further storage. This may be the case if the Operator still has to store your data due to a contract with you. In any case, only those data will continue to be stored which are actually absolutely necessary to achieve the corresponding purpose.

2.4 Test Club

The Operator regularly organizes a Test Club via the website, where the participants can win products and have to evaluate them in return. The corresponding subpage of the website can only be accessed via a link provided by the Operator on one of his other websites. To participate in the Test Club, the following information is requested on the website:

Participants will receive their winnings and an evaluation form by post. The legal admissibility of this data processing is based on Art. 6 Para. 1 b) GDPR, according to which processing is lawful when it is necessary for fulfilling a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract. Your information is required to participate in the Test Club. If you do not provide your data, you will not be able to participate.

The data of the participants will be used by the Operator exclusively for the purpose of participating in the product test and will be deleted after submission of the evaluation.

2.5 Facebook-Competition

The Operator is the owner of a Facebook page on which he regularly organizes competitions. Participation in these competitions usually requires the publication of a comment using the own Facebook account. Once the winners have been determined, the Operator will write to them using the "Send message" function for the purpose of distributing the prize. The winners must then provide the following information:

First Name, Last Name, Street, Post Code, City

The requested data of the participants will only be used for the execution and execution of the competition. The legal admissibility of this data processing is based on Art. 6 Para. 1 b) GDPR, according to which processing is lawful when it is necessary for fulfilling a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract. The provision of your data is required for participation in the competition. If you do not provide your details, you will not be able to enter and you will not be able to win any of the prizes.

After the end of the competition, the participants' data including the communication via Facebook will be deleted. The comments under the competition on the Operator's Facebook page will not be deleted.

2.6 Become a Skin Researcher

The Operator offers the users of the website the opportunity to participate in a comprehensive survey under the menu item "Become a Skin Researcher". The subject of this survey is general information, the skin type, the care products used by the user, the living conditions and other habits of the user. The Operator stores the user's data in a database. This is used by the Operator to identify suitable persons for product tests carried out by the Operator. Furthermore, the Operator evaluates the information provided by users in order to obtain information for product development. The data of the users are stored by the Operator without time limitation.

To participate, the user must fill in a multi-page contact form, in which the following general information must first be provided:

Title, First Name, Last Name, Street, Post Code, City, E-mail

Further information about your skin and other health-related attributes in the contact form is voluntary.

If the user is selected for a product test, he will be notified by e-mail and will receive the product to be tested by post. The e-mail contains a link to a questionnaire for product evaluation. The answer to the questions is anonymous and does not allow any conclusions to be drawn about the person of the user.

The admissibility of such processing is governed by Art. 6 Para. 1 f) GDPR, according to which processing is lawful if it is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

The Operator has a legitimate interest in storing and evaluating information on the use of his products for the purpose of product development and to have product tests carried out by suitable persons. The provision of your data and storage in the Operator's database are required for participation in the product tests carried out by the Operator. If you do not provide the information you will not be selected for a product test and accordingly will not receive any products.

The Operator stores the data provided by the data subjects without any time limit. The user can request the deletion from the Operator's database at any time.

2.7 Applicant Portal

Users have the opportunity to apply via the website for job offers advertised by the Operator. The Operator uses a software application from rexx systems GmbH, Süderstr. 75-79, 20097 Hamburg.

The Operator collects a series of personal data via an application form. Specifically, the following information is requested:

Users also have the option of applying with their own XING or LinkedIn profile. For this purpose, the user needs an appropriate profile.

When the user clicks on the button "Apply with XING profile" or "Apply with LinkedIn profile", he is redirected to the page of the corresponding network, where he can log in with his usage data. This process links to the user's profile. This automatically transfers the user's data stored there to the Operator. The submitted data is mandatory for the application.

Furthermore, the user has the possibility to make his own files available and to transmit them to the Operator:

All data provided to the Operator within the framework of the applicant portal are transmitted via a secure, i.e. encrypted connection.

The admissibility of this processing is governed by § 26 BDSG (new), according to which personal data of employees may be processed for employment purposes if this is necessary for the decision on the establishment of an employment relationship.

The provision of your data is necessary for participation in the application procedure and the conclusion of a contract with the Operator. If you do not provide any or incomplete information, the Operator will not consider you in the application process.

Application documents received by the Operator will be kept for 8 months after rejection, unless the applicant has given his consent for the longer retention.

The Operator uses cookies to collect and store data. Cookies are small data packets that typically consist of letters and numbers and are stored on a browser when you visit certain websites. Cookies allow the website to recognize your browser again, to track your surfing through various sections of a website and to identify you if you visit the website again later. Cookies contain no data that identify you personally but the information about you stored by the Operator may be attributed to the data obtained by and stored in the cookies.

Information that the Operator obtains through the use of cookies may be used for the following purposes:

Recognition of the user's computer when they visit the website

Tracking the user's browsing activity on the website

Improving the user experience of the website

Analysis of the website use by the Operator

Operating this website

Preventing fraud and improving the security of the website

Customising this website taking into consideration the needs of the user

Cookies do not damage your computer in any way. They do not contain viruses and also do not allow the Operator to spy on you. There are two types of cookies. Temporary cookies are automatically deleted when you close your browser (session cookies). In contrast, permanent cookies have a maximum lifetime of up to 20 days. This type of cookie allows your computer to be recognised when you visit the website again later. The cookies allow the Operator to track your use behaviour for the purposes listed above and to an appropriate extent. Cookies also allow you to optimally surf the Operator's website. These data are collected by the Operator only in anonymised form.

The legal admissibility of this data processing is based on Art. 6 Para. 1 b) GDPR, according to which processing is lawful when it is necessary for fulfilling a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract. The legal admissibility of this data processing may also be based on Art. 6 Para. 1 f) GDPR, according to which processing is lawful when it is necessary to safeguard the legitimate interests of the Controller or a third party, so long as these interests are not overridden by the fundamental rights or freedoms of the data subject, which require the protection of personal data. The legitimate interests of the Controller involve the provision of a website that contains no errors and the opportunity offer visitors the best user experience. Provision of your data is not prescribed by law. It is possible to visit the website without cookies. If you do not want the Operator to recognize your computer, you can prevent the storage of cookies on your hard drives by selecting the option "do not accept cookies" on your browser settings. To find out specifically how to do this, please read the instructions provided by your browser manufacturer. If you choose to accept no cookies, this may limit the functionality of the website.

Your cookie settings

2.9 Use of Analysis Tools

The Operator uses etracker, a technology of etracker GmbH, Erste Brunnenstr. 1, 20459 Hamburg, Germany, to collect and store data for marketing and optimization purposes. These data can be used to create user profiles under a pseudonym. Cookies may be used for this purpose. Cookies are small text files that are stored locally in the cache of the visitor's Internet browser. Cookies enable the recognition of the Internet browser. The data collected with etracker technologies will not be used to identify you personally without your separate consent and will not be combined with personal data about the bearer of the pseudonym. The collection and storage of data can be revoked at any time with effect for the future http://www.etracker.com/privacy?et=jhbP23.

The admissibility of such processing is governed by Art. 6 Para. 1 a) GDPR, according to which processing is permissible if the data subject has given his or her consent to the processing of personal data concerning him or her for one or more specific purposes. The provision of your data is voluntary. Non-provisioning has no effect on the use of the website. The personal data collected in the context of the use of tracking tools will be deleted unless the Controller has a legitimate interest in further storage. In any case, only those data will continue to be stored which are actually absolutely necessary to achieve the corresponding purpose. As far as possible, the personal data will be made anonymous.

2.10 Google Maps

The Operator uses the map service Google Maps. This is operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using Google Maps, information on the use of the website (e.g. date and time of access, IP address, etc.) is transmitted to and stored on a Google server in the USA. The data are used by Google for purposes of advertising market research and / or demand-oriented design of the website. You can also link to your usage account if you are logged in there.

If you don't want Google to link to your account, you must log out before using it. Google's Terms of Use and Privacy Policy apply. If you disable or block Java script in your browser settings, you can prevent Google Maps from running.

The admissibility of such processing is governed by Art. 6 Para. 1 f) GDPR, according to which processing is lawful if it is necessary to safeguard the legitimate interests of the Controller or a third party and provided that the interests or fundamental rights and freedoms of the data subject do not prevail, which require the protection of personal data. The use of data for the purpose of making the maps available for route determination represents a legitimate interest of the Operator within the meaning of Art. 6 Para. 1 f) GDPR. This will facilitate access to the Operator's place of business. The provision of your data is voluntary. Non-provisioning means that you will not be able to use the features of Google Maps on the Operator's website.

The personal data collected in the context of the use of Google Maps will be deleted unless the Controller has a legitimate interest in further storage. In any case, only those data will continue to be stored which are actually absolutely necessary to achieve the corresponding purpose. As far as possible, the personal data will be made anonymous.

2.11 Press Mailing List

Publishers and journalists have the opportunity to be included in the press mailing list. To do this, you can contact the contact persons indicated on the website and enter your contact details. These are used to inform you about product innovations and news from our company.

The admissibility of processing is governed by Art. 6 Para. 1 a) GDPR, according to which processing is permissible if the data subject has given his or her consent to the processing of personal data concerning him or her for one or more specific purposes. Your data must be provided in order to receive the press mailing list. Non-provisioning means that you will not receive the press mailing list and will not be able to receive any information from the Operator.

Your data will be deleted after you withdraw your consent, unless the Controller has a legitimate interest in further storage. This may be the case if the Operator still has to store your data due to a contract with you. In any case, only those data will continue to be stored which are actually absolutely necessary to achieve the corresponding purpose.

3.1 Right of Access Art. 15 GDPR)

Upon request, the Operator will inform you whether he processes data concerning you. The Operator endeavours to respond to requests for information expeditiously.

3.2 Right to Rectification (Art. 16 GDPR)

You have the right to request from the Controller without undue delay the rectification of inaccurate personal data concerning you.

3.3 Right to Erasure (Art. 17 GDPR)

You have the right to obtain from the Controller the erasure of personal data concerning you without undue delay and the Controller has the obligation to erase personal data without undue delay where one of the grounds listed in Art. 17 Para. 1 a)-f) GDPR applies.

3.4 Right to Restriction (Art. 18 GDPR)

You have the right to obtain from the Controller restriction of processing where one of the conditions listed in Art. 18 Para. 1 a)-d) GDPR applies.

3.5 Right to Objection (Art. 21 GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data concerning that is based on Art. 6 Para. 1 e) or f) GDPR including profiling based on those provisions. The Controller shall no longer process your personal data unless the Controller demonstrates compelling legitimate grounds for the processing that override your interests, rights and freedoms or if processing is used for the establishment, exercise or defence of legal claims.

Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Art. 89 Para. 1 GDPR, you have the right to object to processing of your personal data on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

Please use the contact address provided in the imprint for your message.

3.6 Right to Data Portability (Art. 20 GDPR)

You have the right to receive information about your personal data that you have provided to a Controller, in a structured, commonly used and machine-readable format and you have the right to transmit these data to another Controller without hindrance from the Controller to which the personal data have been provided, so long as the processing is based on consent pursuant to Art. 6 Para. 1 a) GDPR, Art. 9 Para. 2 a) GDPR or on a contract pursuant to Art. 6 Para. 1 b) GDPR and if the processing is carried out by automated means.

4. Withdrawal of your Consent

If you have given your consent to the processing of your personal data and withdraw it, the processing up to the time of this withdrawal remains unaffected.

5. Right to lodge a Complaint

You have the right to lodge a complain with a supervisory authority at any time.

6. Recipients

Data obtained as a result of the access and use of this website and information you provide when you make contact are transmitted to the Operator's server and stored there. Otherwise, your data may be forwarded to the following categories of recipients:

7. Links the Third Party Websites

Visiting this website may display content that is linked with the website of a third party. The Operator has no access to the cookies or other functionalities that are used by third-party websites and can not control them. Such third-party websites are not subject to the data privacy conditions of the Operator.